In its continued efforts to further enhance security while logging onto HBZweb, HBZ
offers its clients multiple security options for accessing and transacting online.
Some security features such as receiving an SMS every time your account is accessed
or entering a challenge are set as defaults whilst others are required for
certain types of transactions and/or are optional.

This ensures that eBanking customers have four levels of security to protect their
information and puts the power of access only in the hands of the user. You choose
the level and complexity of your security, so you are assured of a secure banking
session. Be sure to read the Security Advisory on the login page as well.

Basically, authenticator is a program that locally runs on a Smartphone, and
generates a 6-digit authentication code randomly to verify customer identity.
It prevents unauthorized access to the account - even in the case of
compromised password.

HBZ Authenticator is an integral part of the HBZ Mobile App. and runs on a
registered Smartphone only. To get HBZ Authenticator, please download HBZ
App from Apple Store or Google Play.

Salient Features of HBZ Authenticator are as follows:

No need to carry Secure Key or additional gadget, as HBZ Authenticator works on client’s Smartphone.

It works on TOTP algorithm (global standard and used by most international and local banks)

Single mobile phone can be used for multiple entities/usernames to generate Authenticator code. Each entity will have its own username with the Bank with appropriate profile (maker or checker)

No need for connectivity to either Wi-Fi or Mobile network to generate code, as HBZ Authenticator works offline once registered.

Multiple mobile phones can be registered for a single user to obtain code.

In order to further enhance security while logging onto HBZweb a "challenge"
code has been introduced. A dynamically generated 5-digit challenge embedded in
a graphic background is displayed whenever the HBZweb login screen appears on a
user's browser. In addition to the Login ID, password and the optional secure
key, the use has to enter the challenge digits displayed in the specified field.
This feature enhances security as the challenge image is only visible to human
eyes and given it refreshes every time the login screen appears, it prevents
automated processes from guessing HBZweb passwords.

HBZsecure Key

Welcome to the world of secure convenience with HBZsecure Key. Apart from 128
bit security, the highest level of security on the web today, to commercial and
proprietary firewalls and User Name and Password protection, the Bank has
developed an unique HBZSecure Key that works in combination with existing HBZweb
banking User Names, Passwords and Challenge Mechanisms.

HBZsecure Key is a security key, which is provided as a CD. Each CD is specially
configured for the customer account with a Very Long Variable Password (VLVP).
Once a client has this proprietary "Key", they can access their accounts and
make real time transfers, access other services, etc. from any computer that
has Internet access.

To apply for a HBZsecure Key, login to your HBZweb account and select "Request
for HBZSecure Key".

HBZotp - One-Time Password

An authentication process called HBZotp (One Time Password) for its HBZsecure Key
users was introduced in order to further enhance security for HBZweb transactions
such as HBZcms, HBZwps, etc.

Every HBZweb subscriber currently using a HBZsecure Key must register either their
mobile number or email ID. Upon logging-in with the HBZsecure Key, a "one time
password" (HBZotp) is sent via SMS, email or both depending upon the subscription
selection, for each session log-in. This OTP will has to be entered before accessing
services such as HBZcms, HBZwps, etc. Each SMS or email will contain an OTP as well
as a reference number for the individual session and will also be displayed on the
screen. This will allow the user to match the OTP with the correct session. Each
OTP will be valid for 5 minutes only.

HBZotp has become mandatory effective from April 15, 2012. Customers are requested
to subscribe to this service before the deadline for uninterrupted access to
services. To apply, download the application form by selecting "Download Request
Form" from the option selection menu once you, have logged into your HBZweb account.

HBZcram - Challenge Response Authentication Mechanism

For customers who want to add an additional level of security, a revolutionary
feature called "HBZcram: challenge-response-authentication-mechanism" has been
provided as an option. HBZcram is a unique security feature that uses a combination
of the web and a JAVA™ enabled mobile phone to generate an authentication code.
HBZcram is a free program which runs on any Java™ enabled mobile / smart
device. Please log on to HBZweb and go to the My Profile section to learn
more and download HBZcram.